[discuss] ICANN policy and "Internet Governance"

S Moonesamy sm+1net at elandsys.com
Sat Jan 4 16:02:13 UTC 2014


Hi John,
At 05:45 04-01-2014, John Curran wrote:
>   These are Internet-related issues because they incorporate Internet
>   aspects that are not readily separated from routine law enforcement
>   components...
>
>   If I respond to an email indicating that I need to reset my bank
>   password, dutifully enter my username and password as instructed,
>   and then find out that my savings has disappeared, it poses some
>   very different challenges for law enforcement than if someone puts
>   a device on the ATM (which copies my card info and pin) and then
>   takes all of my savings.
>
>   Yes, it is true that both approaches share a chance of successful
>   investigation and prosecution based on "following the money", i.e.
>   the funds transfer which empties the account.  This is one small
>   advantage of crimes have financial components (and it is indeed
>   a rather small advantage, given the efforts necessary for its use
>   during routine law enforcement matters.)
>
>   The reality is that the latter theft (based on efforts in the real
>   world) offers an abundance of physical evidence; everything from
>   construction of the skimming device itself, to the ATM video footage
>   of its installation and/or its removal...
>
>   In the case of the cyberspace-based theft, done via a phishing
>   email, there is literally nothing to go on... i.e. there may be one
>   IP address that could be related to origin of the email (but is far
>   more likely just a botnet-infected home PC doing email origination)
>   There will be a domain-name or IP address associated with the web
>   site that was used to collect the account info, but neither of these
>   are necessarily are a reliable indicator of even the country of the
>   perpetrator, let alone the organization/entity/individual involved.
>   Even if the perpetrator were particularly sloppy, the relationship
>   between any alleged perpetrator and the website is completely based
>   on information in various Internet databases which contain the IP
>   and DNS registrations, and hence the practices related to entry and
>   update of these databases are inherently both Internet and public
>   policy matters.

There are two security-related email technologies available to verify 
whether a message is actually from the email address which shows up 
as the sender.  I am not aware of it being widely used by financial 
institutions to communicate with their customers.  I looked up the 
security-related information provided by some financial institutions 
in several countries.  The information for crime prevention is not of 
much help to the customer.

The problem mentioned above is about phishing.  It is a significant 
problem as the consumer ends up losing money or jeopardizing their 
personal safety.  One of the alternatives to track the source of the 
unwanted message is to have some body, e.g. government, the service 
provider, keep a log of all mail transactions.  The body would then 
be able to track a message which was sent yesterday, last month, last 
year, etc.  I think that there might be some privacy implications 
when logging that information.  It is not a technical matter though.

The activity is likely more difficult to track when it occurs as a 
cross-border activity.  I gather that is what people consider as the 
internet policy angle.  There is a draft convention for a part of the 
world which covers the above problem (see 
http://au.int/en/sites/default/files/AU%20Convention%20EN.%20%283-9-2012%29%20clean_0.pdf 
).  The internet policy for problems such as the one mentioned above 
might be to turn that draft into legislation.

Regards,
S. Moonesamy  




More information about the discuss mailing list